VYPR
Vendor

Calendarix

Products
2
CVEs
10
Across products
11
Status
Private

Products

2

Recent CVEs

10
  • CVE-2006-1835Apr 19, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.

  • CVE-2026-26341Feb 24, 2026
    risk 0.01cvss epss 0.03

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default…

  • CVE-2026-26342Feb 24, 2026
    risk 0.00cvss epss 0.01

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared…

  • CVE-2026-26340Feb 24, 2026
    risk 0.00cvss epss 0.01

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized…

  • CVE-2008-2429Nov 26, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and…

  • CVE-2006-4135Aug 14, 2006
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected…

  • CVE-2006-3094Jun 19, 2006
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php.

  • CVE-2005-1864Jun 9, 2005
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.

  • CVE-2005-1865Jun 9, 2005
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.

  • CVE-2005-1866May 31, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.